Hey everyone! I have an FG 600D with 1000 IPsec users via FortiClient. Is there any open source solution to integrate a second factor (mobile app most preferable) for this?
Maybe try https://www.privacyidea.org/
I have not tested it myself but it seems nice…
Or any other open source solution to implement client vpn with mfa?
Are you asking for an open-source VPN client, or for an open-source 2FA/MFA provider?
You could try SAML with a provider that uses 2FA in the authentication flow. Then the SAML provider will handle the login and MFA options.
An example is authentik
Back in the day I built one with ForgeRock and FreeRADIUS
If you’re looking for Open Source, I believe multiOTP is compatible with FreeRADIUS and is a TOTP/HOTP token server. You should be able to use that with any mobile TOTP app such as Google Authenticator.
Implemented that project with LinOTP once, when the pandemic hit and everyone had to switch to WFH. Well, PrivacyIDEA is essentially the same.
Basically you’ll get a management/enrollment web-portal (AD-tied) and web-endpoint for 2FA. Then you’ll need FreeRADIUS installation with LinOTP-plugin pointing to that endpoint.
You could look at either Keycloak or Authentik as SAML providers and use Google Authenticator with them. There are no app-based 2FA solutions that are open source as far as I'm aware.
People still use Dialup IKE in 2023? TIL.
If you want free, use pfSense. You can pinhole it.
Please clarify, are you looking for an open source solution because you want to review the software client source code? Or are you looking for a solution that is no cost?
Vpnhouse seems to suit you, take a closer look, there is a good VPN and an application.
Yes, if I’m not mistaken Vpnhouse provides such conditions. It’s worth a try at least.
This, we use it
Some features require a support contract but the basic MFA with software tokens is free
I’m using FortiClient VPN as a VPN client, and looking for a 2FA provider.
Thanks! Is ForgeRock free?
If you have Azure AD or Google Workspace you can use SAML to auth users with the same MFA as I hope you use for webmail.
One less account for people to remember and one less account to create/remove as users come and go.
It was 9 years ago and yes it was free
Azure AD SSO for FortiClient is really slick as well, have it on a customer site and little to no complaints about it